Dan Sanderson 05/12/2022

This month is another important month for Microsoft Patch Tuesday and for subscribers of our Cyber Thursday blog, with 75 vulnerabilities reported, 8 of which are considered "Critical" (RCE or LPE) vulnerabilities.


We start with 3 zero-days, including 2 that are being actively exploited. Do not delay getting your systems updated, as several of these vulnerabilities are favorites of our Cyber Advisors penetration testers.

  • CVE-2022-26925 - Windows LSA Spoofing Vulnerability
    • Threat actors can intercept legitimate authentication requests, elevate privileges, and impersonate a Domain Controller
  • CVE-2022-22713 - Windows Hyper-V Denial of Service Vulnerability
  • CVE-2022-29972 - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver [Azure Synapse and Azure Data Factory]


The other (8) 'Critical' vulnerabilities from Patch Tuesday:

  • Azure SHIR
    • Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
  • RDC
    • Remote Desktop Client Remote Code Execution Vulnerability
  • Self-hosted Integration Runtime
    • Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver


Finally, there are other notable vulnerabilities from other vendors and technologies that should not be ignored:

  • F5 (BIG-IP)
    • We recommend applying updates as soon as possible
    • Allows remote attackers to execute commands as 'root' without authentication
    • Interesting note: exploitation that drops a shell has been observed; if the appliance is misconfigured with Port Lockdown set to 'Allow Default' on a Self IP, it is also vulnerable on non-management ports
    • We recommend that you apply this fix: https://support.f5.com/csp/article/K23605346

  • Cisco
    • Three flaws affecting Enterprise NFVIS Software
  • SAP
    • Remote Code Executions
  • Adobe
    • Third party patching, multiple advisories
  • SonicWALL
    • Secure Mobile Access (SMA) 1000 vulnerability
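The F5 item above hinges on a configuration detail: a Self IP whose Port Lockdown is 'Allow Default' (or 'Allow All') reaches the same services as the management port, so the appliance is exposed on non-management interfaces as well. The following Python script is an added example, not code from the original post or from F5. It parses the text format of `tmsh list net self` output (the `net self NAME { ... }` blocks) and reports every Self IP whose lockdown setting exposes management services. The sample output is constructed, and the assumption that `tcp:443` is the port carrying the web and REST management interface is labelled in the code.

```python
"""Audit BIG-IP Self IP Port Lockdown settings from `tmsh list net self` output.

Added example, not part of the original post and not F5 code. Parses the tmsh
text format and flags Self IPs whose allow-service setting exposes management
services on a non-management interface.
"""
import re

# Constructed sample of `tmsh list net self` output (not captured from a real device).
SAMPLE_TMSH_OUTPUT = """\
net self mgmt_self {
    address 192.0.2.10/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan internal
}
net self ext_self {
    address 198.51.100.5/24
    allow-service none
    traffic-group traffic-group-local-only
    vlan external
}
net self dmz_self {
    address 203.0.113.7/24
    allow-service all
    traffic-group traffic-group-1
    vlan dmz
}
net self ha_self {
    address 10.0.0.2/24
    allow-service {
        tcp:443
        udp:1026
    }
    traffic-group traffic-group-local-only
    vlan ha
}
"""

# Assumption: tcp:443 is the port serving the HTTPS management interface, so a
# custom allow list containing it is treated as exposing management services.
MGMT_PORT = "tcp:443"

# A self IP block starts with `net self NAME {` and ends at the first unindented `}`.
SELF_BLOCK = re.compile(r"net self (\S+) \{(.*?)\n\}", re.S)


def parse_allow_service(body):
    """Return the list of allowed services from one self IP body.

    tmsh prints either a single word (`allow-service none` / `allow-service all`)
    or a brace block listing `default` and/or explicit proto:port entries.
    """
    block = re.search(r"allow-service \{(.*?)\}", body, re.S)
    if block:
        return block.group(1).split()
    word = re.search(r"^\s*allow-service (\S+)$", body, re.M)
    if word:
        return [word.group(1)]
    return ["unknown"]  # line absent from the output: flag for manual review


def classify(services):
    """Map the allow-service list to a lockdown label, an exposed flag and a reason."""
    if services == ["none"]:
        return "none", False, "no services accepted on this Self IP"
    if services == ["all"]:
        return "all", True, "every port reachable, including management services"
    if "default" in services:
        return "default", True, "'Allow Default' exposes management services on this interface"
    if services == ["unknown"]:
        return "unknown", True, "allow-service not shown; review the setting manually"
    if MGMT_PORT in services:
        return "custom", True, f"custom allow list includes {MGMT_PORT}"
    return "custom", False, "custom allow list without the management port"


def audit(text):
    """Return one record per Self IP, in the order tmsh printed them."""
    records = []
    for m in SELF_BLOCK.finditer(text):
        name, body = m.group(1), m.group(2)
        addr = re.search(r"^\s*address (\S+)", body, re.M)
        vlan = re.search(r"^\s*vlan (\S+)", body, re.M)
        lockdown, exposed, reason = classify(parse_allow_service(body))
        records.append({
            "name": name,
            "address": addr.group(1) if addr else "?",
            "vlan": vlan.group(1) if vlan else "?",
            "lockdown": lockdown,
            "exposed": exposed,
            "reason": reason,
        })
    return records


def exposed_self_ips(text):
    """Names of Self IPs whose lockdown setting should be tightened to 'Allow None'."""
    return [r["name"] for r in audit(text) if r["exposed"]]


if __name__ == "__main__":
    for r in audit(SAMPLE_TMSH_OUTPUT):
        flag = "EXPOSED " if r["exposed"] else "ok      "
        print(f"{flag}{r['name']:<10} {r['address']:<18} vlan={r['vlan']:<9} "
              f"lockdown={r['lockdown']:<8} {r['reason']}")
```

On a real appliance, save the output of `tmsh list net self` to a file and feed it to `audit()`; any Self IP listed by `exposed_self_ips()` should be moved to 'Allow None' (or a custom list without the management port) before relying on the patch alone.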

Our Recommendations:

  • Test and deploy patches to Domain Controllers to mitigate the new attack vector (NTLM Relay zero-day) related to CVE-2022-26925
  • Test and deploy Microsoft patches and fixes
  • Integrate Vulnerability Scanning and Vulnerability Management on a quarterly basis
    • These threats are mitigated with the implementation of foundational security controls (such as monitoring/logging, MFA, identity access controls, etc.)
    • It is imperative to understand your critical assets to gain an understanding of risk and exposure as new vulnerabilities are constantly appearing
    • Threat actors are gaining speed on exploiting these flaws
    • Security measures and controls help gain visibility of network activity, and in the event a compromise occurs, this insight supplies the means to reduce the time of exposure while assisting in removal of persistent threats from environments
    • It is not a matter of if, it is a matter of when, therefore organizations need to be prepared to respond to a threat
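The first recommendation above concerns the NTLM relay vector tied to CVE-2022-26925, and the list stresses monitoring and logging as the control that shortens exposure once something is relayed. The following Python script is an added example, not code from the original post or from Microsoft, showing the kind of log review a defender can run while the Domain Controller patches are being tested: it reads Windows Security event 4624 (successful logon) records, reduced here to constructed key=value lines, and flags NTLM network logons by a machine account that arrive from a different address than the host that owns the account, which is the classic footprint of a relayed machine authentication. The inventory of machine accounts and their addresses (`KNOWN_HOSTS`) is an assumption a real deployment would replace with its own asset data.

```python
"""Flag NTLM network logons by machine accounts from unexpected sources.

Added example, not from the original post. Event 4624 fields are reduced to a
key=value line per event; the inventory of machine accounts is an assumption.
"""

# Constructed sample of Security event 4624 records (not real log data).
SAMPLE_EVENTS = """\
EventID=4624 LogonType=3 AuthPackage=Kerberos Account=alice Workstation=WS01 SourceIP=10.0.1.21
EventID=4624 LogonType=3 AuthPackage=NTLM Account=DC01$ Workstation=DC01 SourceIP=10.0.0.10
EventID=4624 LogonType=3 AuthPackage=NTLM Account=DC01$ Workstation=UNKNOWN-HOST SourceIP=10.0.1.99
EventID=4624 LogonType=3 AuthPackage=NTLM Account=FS01$ Workstation=FS01 SourceIP=10.0.1.55
EventID=4624 LogonType=3 AuthPackage=Kerberos Account=FS01$ Workstation=FS01 SourceIP=10.0.1.55
EventID=4624 LogonType=2 AuthPackage=NTLM Account=bob Workstation=WS02 SourceIP=127.0.0.1
EventID=4625 LogonType=3 AuthPackage=NTLM Account=DC01$ Workstation=DC01 SourceIP=10.0.0.10
"""

# Assumption: asset inventory mapping each machine account to the address it
# legitimately authenticates from. Replace with CMDB / DHCP / DNS data.
KNOWN_HOSTS = {
    "DC01$": "10.0.0.10",
    "FS01$": "10.0.1.55",
}


def parse_event(line):
    """Turn one `Key=Value Key=Value ...` line into a dict (values contain no spaces)."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def is_machine_account(name):
    """Computer accounts in Active Directory end with '$'."""
    return name.endswith("$")


def evaluate(event, known_hosts):
    """Return a list of reasons this event looks like a relayed machine logon (empty if benign).

    Only successful network logons (4624, LogonType 3) over NTLM by a machine
    account are considered; everything else is out of scope for this check.
    """
    if event.get("EventID") != "4624" or event.get("LogonType") != "3":
        return []
    if event.get("AuthPackage") != "NTLM":
        return []
    account = event.get("Account", "")
    if not is_machine_account(account):
        return []

    reasons = []
    expected_ip = known_hosts.get(account)
    source_ip = event.get("SourceIP")
    if expected_ip is None:
        reasons.append("machine account not in inventory")
    elif source_ip != expected_ip:
        reasons.append(f"source {source_ip} differs from inventory address {expected_ip}")

    # A host authenticating as itself reports its own name in the Workstation field.
    if event.get("Workstation", "").upper() != account[:-1].upper():
        reasons.append(f"workstation {event.get('Workstation')} does not match account {account}")
    return reasons


def detect_relayed_machine_logons(text, known_hosts=KNOWN_HOSTS):
    """Run `evaluate` over every line and return the alerts that fired."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        reasons = evaluate(event, known_hosts)
        if reasons:
            alerts.append({
                "account": event["Account"],
                "source_ip": event.get("SourceIP"),
                "workstation": event.get("Workstation"),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_relayed_machine_logons(SAMPLE_EVENTS):
        print(f"ALERT {alert['account']} from {alert['source_ip']} "
              f"({alert['workstation']}): {'; '.join(alert['reasons'])}")
```

A hit from this check does not by itself prove a relay, but a Domain Controller account authenticating over NTLM from an address it does not own is exactly the event worth escalating while the patch is rolling out, and the same logic can be expressed as a SIEM query over the real 4624 fields.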
